Security Weekly Podcast Network (Audio)

Dougbot, RedSun, ATHR, Vishing, Cisco, Google, Chrome, Severance, Shor, Josh Marpet, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-573

This week:
CSA issues guidance to CISOs on Mythos
Vuln management woes
Windows tells you about Secure Boot
AI-assisted firmware vuln hunting
The dumbest hack
Edge decay and the failing perimeter
Mac OS X on a Wii
Little snitch comes to Linux
CPUID served malware
Buying plugins to backdoor them
Addicted to hacking
Is Mythos just a sales pitch?
We are still talking about Adobe Acrobat vulns
A single line AI jailbreak
Hacking Apple Intelligence
Don't leave your ICS device or RDP exposed to the Internet!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-922

So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think.
Joanna Chen, Chief Information Security Officer at Dashlane, joins Business Security Weekly to discuss why not all CISO gigs are created equal. As a "technical" CISO in a foreign country, Joanna realized that not all of her peers came from a technical background, like herself. It's a broad world and the CISO role varies a lot. Joanna will discuss how to understand the various CISO roles and discuss the skills that are makers and breakers.
Managing Cyber Risk as Financially Motivated Attacks Grow The ransomware and eCrime landscape continue to evolve at a rapid pace. ESET’s global research team has been closely following ransomware gang disruptions and their use of EDR Killers to disable cybersecurity tools. In this interview, Tony Anscombe will take a look into recent research, and explore how the industry and businesses are responding to combat financial risk and mitigate threats.
This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them!
Attack Surface Just Got a Copilot AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business.
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-443

Amish Conversion, Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, Outlook Lite, Air Traffic Control, Kieran Human, and More on the Security Weekly News.
Segment Resources: https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-fully-operational-after-data-wiping-attack/
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-572

It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how the OWASP Secure Pipeline Verification Standard picks up from where ASVS left off, how it complements other supply chain security efforts like SLSA, and why they updated it with explicit coverage for AI.
They show what goes into making a project relevant and -- most importantly -- successful at defending how supply chains are attacked. They're also looking for more feedback and participation! If you build software packages, consume software packages, or have an interest in helping organizations stay secure, check it out!
Resources
https://owasp.org/www-project-spvs/
https://github.com/OWASP/www-project-spvs/blob/main/1.5/ReleaseNotesOWASPSPVS1.5-AI-Pipeline-Security.md
https://youtu.be/-WoqGDdivGw?si=kK5-csbnTw8Y4g2J -- The Story Behind OWASP SPVS
https://slsa.dev
Zero Trust That Actually Ships: Moving From Strategy Decks to Real Security
Most enterprise organizations have been working at Zero Trust for years and fail to deliver truly secure environments. Rohan Ravindranath shares insights that Zappsec has gained from guiding the global teams that are succeeding at protecting their orgs. Discover the common pitfalls so you can deploy a solution that works.
This segment is sponsored by Zappsec. Visit https://securityweekly.com/zappsecrsac to learn more about them!
Cloning Attacker Tradecraft: Why AI Pentesting is Becoming Essential
Enterprises ship code continuously, but most security validation still happens in snapshots. Novee CEO and co-founder Ido Geffen explains what “AI penetration testing” means, why it’s different from automated scanning, and why it’s becoming essential as attackers adopt AI to move faster. He breaks down what separates best-in-class AI pentesting: operator-like reasoning across real environments, validated exploitability, and the ability to uncover business logic flaws and multi-step attack chains. Ido covers the technology behind Novee’s AI penetration tester: a proprietary LLM model, built independently of “frontier” LLMs (like Claude, ChatGPT, Cursor, etc.), and consistently outperforming them at browser exploitation tests. Finally, he shares what buyers should demand in a live evaluation and how continuous retesting closes the loop after fixes ship.
This segment is sponsored by Novee Security. See what your attackers already know at https://securityweekly.com/noveersac.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-378